DETAILED ACTION 

1. Claims 1-21 have been examined. 

Priority 

2. Acknowledgment is made of applicant's claim for priority based on U.S. 
Provisional Patent Applications 60/742158 and 60/472170, both filed on May 21, 
2003. 

Drawings 

3. The drawings are objected to because of the following informalities. Fig. 1 is presented 
to support discussions regarding prior art (see pg. 1 of the specifications, for 
example). Thus, Fig. 1 should be labeled as a prior art figure. Furthermore, under 
37 CFR 1.83(a) the drawings must show every feature of the invention specified in 
the claims. Therefore, the "removing the second source IP address from the table 
when the second source IP address is determined to no longer be present on the 
port" (claims 6-7 and 14) must be shown or the feature(s) canceled from the claim(s). 
No new matter should be entered. 

Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in 
reply to the Office action to avoid abandonment of the application. Any amended 
replacement drawing sheet should include all of the figures appearing on the 
immediate prior version of the sheet, even if only one figure is being amended. The 
figure or figure number of an amended drawing should not be labeled as "amended." 
If a drawing figure is to be canceled, the appropriate figure must be removed from 
the replacement sheet, and where necessary, the remaining figures must be 
renumbered and appropriate changes made to the brief description of the several 
views of the drawings for consistency. Additional replacement sheets may be 
necessary to show the renumbering of the remaining figures. Each drawing sheet 
submitted after the filing date of an application must be labeled in the top margin as 
either "Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the 
changes are not accepted by the examiner, the applicant will be notified and 
informed of any required corrective action in the next Office action. The objection to 
the drawings will not be held in abeyance. 

Claim Objections 

4. Claim 14 is objected to because of the following informalities: the second term 
"present" in the phrase "... is not present on present ..." appears to be unnecessary. 
Appropriate correction is required. 

Claim Rejections - 35 USC §112 
The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

5. Claims 6-7, 11 and 13-14 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject 
matter that applicant regards as the invention. 

6. Ports are not storage devices and the phrase: "IP address ... present on the port" 
recited in claims 6-7, 11 and 13-14 is not understood. 

7. Claim 10 recites: "receiving a first data packet on the port; ... passing the data 
packet through the port, if the first source IP address stored in the table". It appears 
that "the data packet" refers to the previously cited "a first data packet". As a result, 
the limitation is not understood. The first part clearly indicates that the data packet is 
already passed through the port ("receiving a first data packet on the port") 
regardless whether the first source IP is or is not stored in the table. As a result, it is 
not clear whether applicant attempts to limit any additional data packets arriving from 
the first source IP address or whether the limitation intends to restrict the packet to 
be forwarded to the destination if the first source IP address is not stored in the 
table. The specification does not clarify the ambiguity. As a result the metes and 
bounds of the limitation cannot be ascertained. 

8. Claims 6-7 and 14 are ambiguous, perhaps missing essential elements. Claims 6-7 
and 14 are dependent on claims reciting a table storing MAC/IP addresses used in 
filtering data. Claim 6-7 and 14 add limitations that require removing an address 
from the table when the address is not present on the first port. The relationship 
between the address in the table and ports is not understood. It is not clear whether 
the limitation is directed towards the active connection between the device and a 
source network device or whether some other interpretation should be exercised. If 
the limitation would refer to the active session then it is not clear whether the table 
is an access control table, as it seems to be the point of the invention (see Abstract) 
or simply a reference table that keeps a track of current sessions. Applicant should 
amend the claim language and/or include missing limitations in order to clarify the 
connection between elements of claims 6-7, 14 and the claims they depend on. 

9. For purposes of further examination the phrases are treated as best understood: 
Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another 
who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the 
invention thereof by the applicant for patent. 

10. Claims 1-2, 4-5 and 10 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Doyle (U.S. Patent No. 7134012). 

As per claims 1 and 10, Doyle discloses a network device comprising a port (e.g. 
Fig. 1), receiving a first data packet on the port (Fig. 5, step 500); determining a first 
MAC address for the received first data packet; determining a first source IP address 
for the received first data packet, wherein the first source IP address for the received 
first data packet and the first MAC address for the received first data packet form a 
first source IP address and MAC address pair (Fig. 5, step 510), comparing the first 
source IP address and MAC address pair with information in a table which stores 
source IP address and MAC address pairs (Fig. 5, Step 530, Table 2 and col. 9 lines 
19-28, for example. Note that Doyle discloses similar teaching in Fig. 6, 7 etc.). 

11. As per claims 2, 4, Doyle discloses learning the source IP address for the new 
received MAC address, wherein the learning of the source IP address utilizes at 
least one of the processes selected from the following group of processes: (1) using a 
reverse address resolution protocol, (2) listening to a DHCP response packet; (3) 
watching for an IP header information in a data packet and (4) listening to ARP 
requests and ARP reply messages (col. 3 lines 46-54); and storing the new IP/MAC 
address pair in the table (col. 3 lines 52-54, Table 2, col. 7). 

12. As per claim 5, the table reads on Access Control List (it is used to filter data) and in 
order for the device to access the entries, the table inherently must be stored in a 
content addressable memory. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

13. Claim 10 is rejected under 35 U.S.C. 102(b) as being anticipated by firewalls as 
illustrated by Pfleeger (Charles P. Pfleeger, "Security in computing", 2nd edition, 
1996, ISBN: 0133374866). 

Firewalls are devices that filter traffic that travels from a source to a destination 
("What is Firewall", Pfleeger, pg. 428). Firewalls may pass the data packet only from 
certain sources ("utilize policies to permit accesses only from certain places", "What 
is Firewall", Pfleeger, pg. 428), and on page 429-430 Pfleeger discusses "screening 
routers" that implement IP address to identify a particular source/destination. 
Furthermore, in network environment devices inherently utilize ports to communicate 
with each other. Thus, Pfleeger disclosure reads on receiving a first data packet on 
a port, determining a first source IP address for the first data packet received at the 
port and passing the data packet through the port, if the first source IP address is 
stored in a network device. 

14. Although Pfleeger does not explicitly disclose using a table to store and retrieve data 
such as IP address, utilizing tables to store and retrieve data is well known in the art 
as illustrated by the Pfleeger on pg. 242-243 (other examples of table storing data 
relevant to routing information can be found in U.S. Patents No. 6256314, 6907470 
etc.). One would have been motivated to use tables to store and retrieve data such 
as IP address especially in light of the benefits of table structures as evidenced by 
their commercial success. 

15. Claims 6-8 and 11-15 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Doyle (U.S. Patent No. 7134012) in view of Official Notice. 

Doyle discloses filtering network packets received on ports. 

16. As per claim 8 and 11-13, Doyle does not disclose maximum number of source IP 
addresses already on the port resulting in blocking packets at the port. 

Official Notice is taken that assigning maximum number of source IP addresses to 
ports is old and well-known practice (U.S. Pub. No. 20020055980 or U.S. Patent 
No. 6338089). 

One of ordinary skill in the art at the time of applicant's invention would have been 
motivated to assign maximum number of source IP addresses to ports giving the 
benefit of efficiency. Reaching maximum number of source IP address would 
inherently, at least temporarily, result in blocking packets at the port. 
17. Also, as per claim 8 and 15, Doyle does not explicitly disclose an administrator 
selecting the maximum number of source IP addresses. 

Official Notice is taken that configuring computers by administrators (e.g. determine 
selection of values, e.g. ports) is old and well-known practice in the art of computing 
(e.g. DHCP scope administration). One of ordinary skill in the art at the time of 
applicant's invention would have been motivated to allow administrators to configure 
computers giving the benefit of network customization. 

18. As per claims 6-7 and 14, Doyle does not disclose determining and removing the 
first source IP address from the table when the first source IP address is not present 
on the first port. 

Official Notice is taken that it is old and well-known practice to monitor activity of 
computer processes, including network connections and terminate inactive activities 
(e.g. U.S. Patent No. 6338089). One of ordinary skill in the art at the time of 
applicant's invention would have been motivated to monitor computer 
processes such as IP network connection and remove inactive processes given the 
benefit of efficiency, e.g. by preventing deadlocks. 
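
The filtering discussed in paragraphs 10-11 and 16-18 above (comparing a packet's source IP/MAC pair with a table, learning new pairs, capping the number of source IP addresses on a port, removing addresses no longer present), sketched as an added illustration that is not code from the application, Doyle or any other cited reference. The class name, the trust-on-first-sight learning rule and the idle-timeout reading of "no longer present on the port" are assumptions, and the traffic is constructed.

```python
import time

class PortSourceGuard:
    """Per-port table of learned source IP/MAC pairs (hypothetical name)."""

    def __init__(self, max_ips, idle_timeout, clock=time.monotonic):
        self.max_ips = max_ips            # administrator-selected cap per port
        self.idle_timeout = idle_timeout  # assumed reading of "no longer present"
        self.clock = clock
        self.table = {}                   # src_ip -> (mac, last_seen)

    def expire(self):
        """Remove source IPs that have been idle longer than the timeout."""
        now = self.clock()
        idle = [ip for ip, (_, seen) in self.table.items()
                if now - seen > self.idle_timeout]
        for ip in idle:
            del self.table[ip]

    def check(self, src_ip, src_mac):
        """Return 'pass' or 'drop:<reason>' for one packet seen on the port."""
        self.expire()
        entry = self.table.get(src_ip)
        if entry is not None and entry[0] != src_mac:
            return "drop:pair-mismatch"   # known IP arriving from another MAC
        if entry is None and len(self.table) >= self.max_ips:
            return "drop:port-limit"      # cap reached, pair is not learned
        # Assumed learning rule: the first pair seen for an IP is trusted.
        self.table[src_ip] = (src_mac, self.clock())
        return "pass"

def demo():
    """Run constructed sample traffic (time, src_ip, src_mac) through one port."""
    now = [0.0]
    guard = PortSourceGuard(max_ips=2, idle_timeout=60.0, clock=lambda: now[0])
    packets = [
        (0, "10.0.0.5", "00:00:5e:00:53:01"),   # learned
        (1, "10.0.0.5", "00:00:5e:00:53:99"),   # same IP, different MAC
        (2, "10.0.0.6", "00:00:5e:00:53:02"),   # learned, table now full
        (3, "10.0.0.7", "00:00:5e:00:53:03"),   # over the cap
        (70, "10.0.0.7", "00:00:5e:00:53:03"),  # earlier entries aged out
    ]
    verdicts = []
    for when, ip, mac in packets:
        now[0] = float(when)
        verdicts.append(guard.check(ip, mac))
    return verdicts

if __name__ == "__main__":
    print(demo())
```

A dropped mismatch does not refresh the stored pair's last-seen time, so spoofed traffic cannot keep a stale entry alive.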

19. Claim 3 is rejected under 35 U.S.C. 103(a) as being unpatentable over Doyle (U.S. 
Patent No. 7134012) in view of Whelan (U.S. Pub. No. 20040003285). 

Doyle disclosure has been discussed supra. 

Doyle does not disclose performing a reverse IP check to confirm the learned source 
IP address. 
Whelan discloses performing a reverse IP check to confirm the IP address 
(Whelan [0036]). It would have been obvious to one of ordinary skill in the art at 
the time of applicant's invention to perform a reverse IP check to confirm the IP 
address. One of ordinary skill in the art would have been motivated to perform such 
a modification in order to identify rogue access (Whelan [0036]). 

20. 

21. Claims 9 and 16-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Doyle (U.S. Patent No. 7134012) in view of Sawada (U.S. Pub. No. 6907470). 
Doyle discloses a network device as discussed supra. 

22. As per claim 17, Doyle does not explicitly disclose that the network device comprises 
a plurality of ports. 

Sawada discloses a network device with a plurality of ports (e.g. Sawada, router in 
Fig. 13 and col. 11 line 65-col. 12 line 6). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate a plurality of ports as taught by Sawada. One of ordinary 
skill in the art would have been motivated to perform such a modification in order to 
freely connect users from different subnets. 

23. Claims 18-21 are implicit; previously discussed Doyle's disclosure clearly teaches 
verifying MAC/IP address pair in order to drop spoofed packets. 

24. As per claims 9 and 16 Doyle in view of Sawada do not disclose receiving input from 
a system administrator which selects ports of the plurality of port will be provided 
based on a source IP address and MAC address pair contained in a data packet. 
Official Notice is taken that configuring computers by administrators (e.g. determine 
selection of values, e.g. ports) is old and well-known practice in the art of computing 
(e.g. DHCP scope and firewall administration). One of ordinary skill in the art at the 
time of applicant's invention would have been motivated to allow administrators to 
configure computers giving the benefit of network customization. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is 
(571) 272-3840. The examiner can normally be reached Monday through 
Thursday from 9:00 a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 
3:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone 
number for the organization where this application or proceeding is assigned 
is (571) 273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Application/Control Number: 10/631,366 

Art Unit: 2134 





